Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32280 (GCVE-0-2026-32280)
Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-07-10 12:05- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.25.9
(semver)
Affected: 1.26.0-0 , < 1.26.2 (semver) |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | RHEM 1.0 for RHEL 9 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el8 cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 |
cpe:/a:redhat:satellite:6.19::el9 cpe:/a:redhat:satellite_capsule:6.19::el9 cpe:/a:redhat:satellite_maintenance:6.19::el9 cpe:/a:redhat:satellite_utils:6.19::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.6) |
cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.6) |
cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.4) |
cpe:/a:redhat:rhel_e4s:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Custom Metric Autoscaler 2.19 |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9 |
|
| Red Hat | HawtIO HawtIO 4.4.0 |
cpe:/a:redhat:apache_camel_hawtio:4.4::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat Edge Manager 1.0 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.4 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat OpenStack 1.5 |
cpe:/a:redhat:stf:1.5::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.17 |
cpe:/a:redhat:quay:3.17::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2.0 |
cpe:/a:redhat:mirror_registry:2.0::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.10 |
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.11 |
cpe:/a:redhat:multicluster_engine:2.11::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.17 |
cpe:/a:redhat:multicluster_engine:2.17::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el8 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat AI Inference Server |
cpe:/a:redhat:ai_inference_server:3 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Workspaces Operator |
cpe:/a:redhat:devworkspace |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T17:46:14.569488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:46:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "RHEM 1.0 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9",
"cpe:/a:redhat:satellite_capsule:6.19::el9",
"cpe:/a:redhat:satellite_maintenance:6.19::el9",
"cpe:/a:redhat:satellite_utils:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2.0::el8"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.17::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Workspaces Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-08T01:06:58.595Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:46.414Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"name": "RHBZ#2456339",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28886"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34097"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25180"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23244"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19715"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19550"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18027"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20570"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19144"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24716"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10704"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11507"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11514"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15980"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34197"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20556"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19839"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28038"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22709"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14200"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10219"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26447"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22485"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14162"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24478"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22422"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22268"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22415"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28198"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14391: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:26571: OpenShift Compliance Operator 1"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
},
{
"lang": "en",
"value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16477: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:14020: Red Hat OpenStack 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:22960: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:22958: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:22962: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
},
{
"lang": "en",
"value": "RHSA-2026:22422: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:22268: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:22415: multicluster engine for Kubernetes 2.17"
},
{
"lang": "en",
"value": "RHSA-2026:28198: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:28196: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:22258: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:22260: multicluster engine for Kubernetes 2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T02:01:19.572Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-08T01:06:58.595Z",
"value": "Made public."
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.buildChains"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.2",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek - https://ciolek.dev"
}
],
"descriptions": [
{
"lang": "en",
"value": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T01:06:58.595Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/758320"
},
{
"url": "https://go.dev/issue/78282"
},
{
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"title": "Unexpected work during chain building in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32280",
"datePublished": "2026-04-08T01:06:58.595Z",
"dateReserved": "2026-03-11T16:38:46.555Z",
"dateUpdated": "2026-07-10T12:05:46.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32280",
"date": "2026-07-13",
"epss": "0.00615",
"percentile": "0.45316"
},
"microsoft_vex": {
"current_release_date": "2026-06-09T01:40:50.000Z",
"cve": "CVE-2026-32280",
"id": "msrc_CVE-2026-32280",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:known_affected": "7",
"product_status:known_not_affected": "8",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Unexpected work during chain building in crypto/x509",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32280.json",
"version": "5"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32280\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-04-08T02:16:03.247\",\"lastModified\":\"2026-07-10T12:16:38.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.buildChains\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.9\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el8\",\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el8\",\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el8\",\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el8\",\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el8\",\"cpe:/a:redhat:satellite_capsule:6.16::el8\",\"cpe:/a:redhat:satellite_maintenance:6.16::el8\",\"cpe:/a:redhat:satellite_utils:6.16::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"RHEM 1.0 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\",\"cpe:/a:redhat:openstack:17.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el8\",\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el9\",\"cpe:/a:redhat:satellite_capsule:6.16::el9\",\"cpe:/a:redhat:satellite_maintenance:6.16::el9\",\"cpe:/a:redhat:satellite_utils:6.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.19 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.19::el9\",\"cpe:/a:redhat:satellite_capsule:6.19::el9\",\"cpe:/a:redhat:satellite_maintenance:6.19::el9\",\"cpe:/a:redhat:satellite_utils:6.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler 2.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.4.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability (NETOBSERV) 1.11.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Compliance Operator 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed (formerly Insights) for Runtimes 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.28\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2.0::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"ExternalDNS Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ext_dns_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Workspaces Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-08T17:46:14.569488Z\",\"id\":\"CVE-2026-32280\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"C6C9C072-9817-402D-877F-F83584B07017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.2\",\"matchCriteriaId\":\"39FE9BAF-55E9-43AA-B14E-239E7EF1D65D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/758320\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78282\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4947\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10217\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10219\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10704\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11507\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11514\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11688\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13545\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13791\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13826\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14020\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14162\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14200\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14391\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15980\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16021\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16024\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16101\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16476\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16477\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16505\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16508\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16532\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16534\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16535\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16537\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16542\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16875\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17084\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17287\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18027\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18032\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19133\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19144\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19350\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19353\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19550\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19715\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19719\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19720\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19721\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19750\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19839\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20556\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20569\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20570\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20607\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20608\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20609\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20889\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21655\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21769\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21772\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22130\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22141\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22258\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22260\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22268\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22309\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22347\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22415\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22422\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22465\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22485\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22709\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22713\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22840\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22862\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22958\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22959\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22960\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22962\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23102\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23103\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23244\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24478\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24716\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24761\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24762\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25127\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25180\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26447\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28038\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28047\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28074\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28198\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28441\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28886\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29035\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29195\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29455\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29702\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29703\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34097\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34197\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34365\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36319\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36796\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-32280\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-13T23:04:10+00:00",
"cve": "CVE-2026-32280",
"id": "CVE-2026-32280",
"initial_release_date": "2026-04-08T01:06:58.595000+00:00",
"product_status:fixed": "2567",
"product_status:known_affected": "187",
"product_status:known_not_affected": "2664",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux Server (v. 7 ELS)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el8\", \"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el8\", \"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el8\", \"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el8\", \"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_utils:6.16::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4 on RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEM 1.0 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\", \"cpe:/a:redhat:openstack:17.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el8\", \"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.19::el9\", \"cpe:/a:redhat:satellite_capsule:6.19::el9\", \"cpe:/a:redhat:satellite_maintenance:6.19::el9\", \"cpe:/a:redhat:satellite_utils:6.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.19 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler 2.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"HawtIO HawtIO 4.4.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.4.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.5.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability (NETOBSERV) 1.11.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed (formerly Insights) for Runtimes 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.25::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.25\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.7.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.28\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.9.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:stf:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:2.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift 2.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ext_dns_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"ExternalDNS Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-08T02:01:19.572Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-08T01:06:58.595Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14391: Cryostat 4 on RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36796: RHEM 1.0 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28047: Red Hat OpenStack Platform 17.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26636: Custom Metric Autoscaler 2.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25089: HawtIO HawtIO 4.4.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22347: Multicluster Global Hub 1.4.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21769: Multicluster Global Hub 1.5.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23345: Multicluster Global Hub 1.6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29854: OpenShift API for Data Protection 1.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26568: OpenShift API for Data Protection 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26571: OpenShift Compliance Operator 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21338: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13826: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36651: Red Hat Edge Manager 1.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24977: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16477: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14020: Red Hat OpenStack 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22840: Red Hat Quay 3.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21017: Red Hat Quay 3.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24853: Red Hat Quay 3.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19375: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22465: Red Hat Quay 3.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23361: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22960: Red Hat Web Terminal 1.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22958: Red Hat Web Terminal 1.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22962: Red Hat Web Terminal 1.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22959: Red Hat Web Terminal 1.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22961: Red Hat Web Terminal 1.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22422: multicluster engine for Kubernetes 2.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22268: multicluster engine for Kubernetes 2.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22415: multicluster engine for Kubernetes 2.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28198: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28196: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22258: multicluster engine for Kubernetes 2.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22260: multicluster engine for Kubernetes 2.8\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-04-08T01:06:58.595Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-32280\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\", \"name\": \"RHBZ#2456339\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24762\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24761\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28886\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34097\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21655\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25180\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36796\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28047\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23244\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34365\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20569\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23103\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19715\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19550\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18032\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18027\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17084\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19719\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19750\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20570\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22713\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10217\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29195\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19133\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22141\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19144\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19135\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29035\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24716\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10704\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16875\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11507\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15980\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34197\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19721\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20607\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20608\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16021\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20556\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19839\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28038\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19720\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17287\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20609\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29703\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19353\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26447\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29702\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28074\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26636\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26585\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22862\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22347\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21769\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23345\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26568\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25127\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13829\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20889\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13791\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36319\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21338\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36651\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22485\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24977\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21772\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11688\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16476\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16477\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16534\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16505\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16532\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16508\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16535\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16537\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16542\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14162\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14020\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22840\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21017\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19375\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22465\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23361\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24478\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22960\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22958\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22962\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22959\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28441\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22422\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22415\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28198\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22258\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22260\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32280\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-08T17:46:14.569488Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-08T17:45:30.925Z\"}}], \"cna\": {\"title\": \"Unexpected work during chain building in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek - https://ciolek.dev\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.buildChains\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/758320\"}, {\"url\": \"https://go.dev/issue/78282\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4947\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-04-08T01:06:58.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32280\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\", \"dateReserved\": \"2026-03-11T16:38:46.555Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-04-08T01:06:58.595Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:20608
Vulnerability from csaf_redhat - Published: 2026-05-26 05:46 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20608",
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20608.json"
}
],
"title": "Red Hat Security Advisory: containernetworking-plugins security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:48+00:00",
"generator": {
"date": "2026-07-13T23:21:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:20608",
"initial_release_date": "2026-05-26T05:46:50+00:00",
"revision_history": [
{
"date": "2026-05-26T05:46:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-26T05:46:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"product": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"product_id": "containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.6.2-3.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.6.2-3.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.6.2-3.el9_6.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"product": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"product_id": "containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.6.2-3.el9_6.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"product_id": "containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.6.2-3.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.6.2-3.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.6.2-3.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"product_id": "containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.6.2-3.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.6.2-3.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.6.2-3.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"product_id": "containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.6.2-3.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.6.2-3.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.6.2-3.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x"
},
"product_reference": "containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src"
},
"product_reference": "containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:46:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:46:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.6.2-3.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:containernetworking-plugins-debugsource-1:1.6.2-3.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:20609
Vulnerability from csaf_redhat - Published: 2026-05-26 05:28 - Updated: 2026-07-13 23:25A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20609",
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20609.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-07-13T23:25:47+00:00",
"generator": {
"date": "2026-07-13T23:25:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:20609",
"initial_release_date": "2026-05-26T05:28:35+00:00",
"revision_history": [
{
"date": "2026-05-26T05:28:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-26T05:28:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:25:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.18.1-5.el9_6.1.src",
"product": {
"name": "skopeo-2:1.18.1-5.el9_6.1.src",
"product_id": "skopeo-2:1.18.1-5.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.18.1-5.el9_6.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.18.1-5.el9_6.1.aarch64",
"product": {
"name": "skopeo-2:1.18.1-5.el9_6.1.aarch64",
"product_id": "skopeo-2:1.18.1-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.18.1-5.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"product": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"product_id": "skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.18.1-5.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"product_id": "skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.18.1-5.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"product_id": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.18.1-5.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"product": {
"name": "skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"product_id": "skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.18.1-5.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"product": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"product_id": "skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.18.1-5.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"product_id": "skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.18.1-5.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"product_id": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.18.1-5.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.18.1-5.el9_6.1.x86_64",
"product": {
"name": "skopeo-2:1.18.1-5.el9_6.1.x86_64",
"product_id": "skopeo-2:1.18.1-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.18.1-5.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.x86_64",
"product": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.x86_64",
"product_id": "skopeo-tests-2:1.18.1-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.18.1-5.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"product_id": "skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.18.1-5.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"product_id": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.18.1-5.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.18.1-5.el9_6.1.s390x",
"product": {
"name": "skopeo-2:1.18.1-5.el9_6.1.s390x",
"product_id": "skopeo-2:1.18.1-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.18.1-5.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"product": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"product_id": "skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.18.1-5.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"product": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"product_id": "skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.18.1-5.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"product_id": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.18.1-5.el9_6.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.18.1-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64"
},
"product_reference": "skopeo-2:1.18.1-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.18.1-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le"
},
"product_reference": "skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.18.1-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x"
},
"product_reference": "skopeo-2:1.18.1-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.18.1-5.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src"
},
"product_reference": "skopeo-2:1.18.1-5.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.18.1-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64"
},
"product_reference": "skopeo-2:1.18.1-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x"
},
"product_reference": "skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64"
},
"product_reference": "skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le"
},
"product_reference": "skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x"
},
"product_reference": "skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.18.1-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
},
"product_reference": "skopeo-tests-2:1.18.1-5.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:skopeo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debuginfo-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-debugsource-2:1.18.1-5.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:skopeo-tests-2:1.18.1-5.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:20889
Vulnerability from csaf_redhat - Published: 2026-05-26 11:34 - Updated: 2026-07-13 23:20A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into core JavaScript objects. When another component in the same application environment is compromised and pollutes the system's object prototype, Axios can unknowingly use these manipulated values in its outbound network requests. This could lead to the disclosure of sensitive information or the alteration of network communications, compromising data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20889",
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42264",
"url": "https://access.redhat.com/security/cve/CVE-2026-42264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.10/html-single/release_notes/index#about-this-release-4103_release-notes-410",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.10/html-single/release_notes/index#about-this-release-4103_release-notes-410"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20889.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.10.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-07-13T23:20:33+00:00",
"generator": {
"date": "2026-07-13T23:20:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:20889",
"initial_release_date": "2026-05-26T11:34:12+00:00",
"revision_history": [
{
"date": "2026-05-26T11:34:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T08:24:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product": {
"name": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3Aa32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-fact-rhel8@sha256%3Ab4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Aa7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3Adbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Acefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ae5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Af6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Afe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-fact-rhel8@sha256%3A71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Aea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Ae077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Acde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3Af94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Af1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Afa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778746262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Aceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Aa0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Ab693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ab5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1778755463"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security\u0026tag=1779293013"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.10",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-42264",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-05-08T04:02:21.039378+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into core JavaScript objects. When another component in the same application environment is compromised and pollutes the system\u0027s object prototype, Axios can unknowingly use these manipulated values in its outbound network requests. This could lead to the disclosure of sensitive information or the alteration of network communications, compromising data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Prototype pollution allows information disclosure and request manipulation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important prototype pollution flaw in Axios could result in information disclosure and network request manipulation. The vulnerability occurs when a co-located dependency in the application environment successfully pollutes the JavaScript `Object.prototype`. Under these conditions, Axios may unknowingly incorporate the manipulated properties into its outbound HTTP requests, potentially compromising data confidentiality and integrity. Exploitation is contingent on a prior successful prototype pollution attack from another component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42264"
},
{
"category": "external",
"summary": "RHBZ#2467927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa",
"url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10779",
"url": "https://github.com/axios/axios/pull/10779"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.2",
"url": "https://github.com/axios/axios/releases/tag/v1.15.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
}
],
"release_date": "2026-05-08T03:20:24.248000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Prototype pollution allows information disclosure and request manipulation"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T11:34:12+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:04e380e189febad5d8dcbfaa68643963ab8d65d7089d32e30a1276837605e03a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:10b0b798c4690002c7ffe064b84cf5d0bb6f52045cd15bfe79b15bd68d4fbe8c_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:444df0b47d23743e19022b4a92e2ee9dd345598fb31f9b947f0bbdab7f59d90e_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:a32574be1c7a5a9ef0aa8b8ce4946ffe4920cb72b402eb17d1ca07c43925faef_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:1563b3a0da76d7b35ecc4c563a8d347e9a558c8043da5c9588ad2f7f943a7ece_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:56e67cf62ffe4982d358ae06098da48f44175cd63239ebfb711b476404abb31a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:e077a56adee93c70cc339a83e47805691758c4e187195b0dd1d567133a5b6661_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:fe09f895ec18082b40abbcd7e546bb4bfeceb8dd4d7f1bed85310096333baa1d_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:71e40863edd8c6275921449d977c396bf066e3ce87ad2c0e61f80003202637ab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-fact-rhel8@sha256:b4789552297c62abde45025c53087f258273431fc4921cab693997bb3aebfaff_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:16792cdca53b00c9f3b8a318270fe2970ee8a8b5b7b54a68f3e3c8412f30d802_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:1c803425800df9af39869d7fe6512c954261a24228f017b8751d6fc93ee14d94_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:7a45d15348cd7c48aada943ba0e9d6381f845267873d5c81cfaf501de2a3ae5b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:89e70cfaebf46d63cd2c3ddcb4f5b44cfca68d8ec7379a00da7266da7a91f20c_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:dbbd62683e39389f91b5937a9d17a414243db53bb901ba7ebe17d24f8c78480e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:4713cf6657eee34d58a329610050db2c3884b635260935ca69099be6bdd62400_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a7a9a2165e13c9be2ccc1bcc157b33f1c3994256baf43f4ac4a76021c0880278_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:cde020c47589fd802cda98804da44218f34eec63396efb166a81274617d8acf4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:ceda1bd9270d37f947b4141be2a134767997f5135003b9d1f2007aed21c53a1e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:0c5bd402788e93b9795dbaa3dd82272339858972059e0e1017bb12a7a5fa52a1_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:51c6efd982283db3ffeebc152e58874601f1660ce76700c7110d11bca1d06688_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9ec58aa0b8f1617d0a3e824cadaa8c939dada1f22e98c3a818bd85b0947dd9a5_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:a0b8260a0c9b73d802891463c5427d1f3607acd62da928b1e4bd8aa7993649d4_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:348379199252e9c10cdc6268ce42ce039f12adc6e8e588b8105d2ce1e81ae439_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:423d831317c9019733c1b2191568dd4f00890a4d4e26ada3067b7ba43a2b9b48_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9609056d08c8aff42326b2dea7733dc89ddfa019466c223bc0dfd22822627416_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b693c67103bee5f49185b7cb2322ff174954b115938f0696d53a25b43f63f972_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7624c0fe4943f89cb8ca709a9d84004ffe4a533498d2bba21a83a811e16da2a9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:905f591f2e1e2e3dbd17bc8b1f903ae7b5fc8e573f3708eb3a97a70c5dc412dc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cefa60dedb2d65ba3d9324b7d37ef997300720f2e006014c1c79731ed3a1b2ba_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f1c6ac0330ce4337dff577ed282f1aaec462027edb0ef3a48db11f8eea9be6e4_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:43b201e72f0ab1a59dddb5608bc814607ff1138572af3052af0199c468cecc47_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:68773c7eebb7f9764e3b0e6a49f7b025896764016896022504b7876ebc269af5_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:93ac1f8d14c6402ffa441b692ba8a28f95990a254835c69bf37165164eae895b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:f94d97d4e1c5a2d50b3a7be98032c4f54f7582300d27de605f804d041916a7b6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0cbdb571c33cc7f78a4ace9ac32271cabce2fb585d758972053924440a15d1f7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:27ad8f03033572bac8d6e87a78a49018e5d1b6b4dfd0096365ec8668f1c97771_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:91ab6414f8e3559e3a424882dc40fe953990a6ad5efcaeb50fe0a6756f3e20c7_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:b5ee8b86ee6a8474158e60cfc26a676a355a9ed98076b73f905bca42b1085329_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:0d0f3c45b3806a428c1dcdb9814699a44d067398854adde5e8f984481496deaf_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:76c6c09e9315ad9b83ec34d0825a94bdb90effcc072d58f9cf6c6b60ab0365aa_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:8fd4674c282ee4da0095ea9611b25d25c4d70d522976fd7557eb93d07ca09296_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:f6db822767d0e5c8d3544cdbc565e58880dd1a628465100edef7c5a2d7510abe_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:4aab8cb0a2e5b8518bdd01bc0557c7768ca40b080b9a907d5885d3743debb627_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e5659b1d9790c4bd5df3093b0a36dd4a0ca64ba224924d37e9dafc6aff5c83df_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ea9fba7212bc0621e1ed6b030b4c8a1fbe3a0f2491b6fdc192c14f8ef7a6ae27_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.10:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:fa3a268f648bce0d881c1b26395cbf16f4d556483e4455f17dfa5968438d4152_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
}
]
}
RHSA-2026:21017
Vulnerability from csaf_redhat - Published: 2026-05-26 17:12 - Updated: 2026-07-13 23:31A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
No description is available for this CVE.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.14.8 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.14.8",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21017",
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21017.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.14.8",
"tracking": {
"current_release_date": "2026-07-13T23:31:21+00:00",
"generator": {
"date": "2026-07-13T23:31:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:21017",
"initial_release_date": "2026-05-26T17:12:40+00:00",
"revision_history": [
{
"date": "2026-05-26T17:12:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T17:21:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:31:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.14",
"product": {
"name": "Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1778873727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1778874411"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Abc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ae76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Aa620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779693417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Adb535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ab83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aeade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Afca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Afac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:21338
Vulnerability from csaf_redhat - Published: 2026-05-27 13:41 - Updated: 2026-07-13 23:21A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
Workaround
|
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Workaround
|
A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.7 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21338",
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41240",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41242",
"url": "https://access.redhat.com/security/cve/CVE-2026-41242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41674",
"url": "https://access.redhat.com/security/cve/CVE-2026-41674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13087",
"url": "https://issues.redhat.com/browse/RHIDP-13087"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13114",
"url": "https://issues.redhat.com/browse/RHIDP-13114"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13271",
"url": "https://issues.redhat.com/browse/RHIDP-13271"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13301",
"url": "https://issues.redhat.com/browse/RHIDP-13301"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13314",
"url": "https://issues.redhat.com/browse/RHIDP-13314"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13316",
"url": "https://issues.redhat.com/browse/RHIDP-13316"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13407",
"url": "https://issues.redhat.com/browse/RHIDP-13407"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13445",
"url": "https://issues.redhat.com/browse/RHIDP-13445"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13450",
"url": "https://issues.redhat.com/browse/RHIDP-13450"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13456",
"url": "https://issues.redhat.com/browse/RHIDP-13456"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13463",
"url": "https://issues.redhat.com/browse/RHIDP-13463"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13486",
"url": "https://issues.redhat.com/browse/RHIDP-13486"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13589",
"url": "https://issues.redhat.com/browse/RHIDP-13589"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13643",
"url": "https://issues.redhat.com/browse/RHIDP-13643"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21338.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.",
"tracking": {
"current_release_date": "2026-07-13T23:21:52+00:00",
"generator": {
"date": "2026-07-13T23:21:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:21338",
"initial_release_date": "2026-05-27T13:41:05+00:00",
"revision_history": [
{
"date": "2026-05-27T13:41:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-27T21:56:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1779841586"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Aeab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1779841292"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1779846497"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-41242",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-04-18T17:00:50.677423+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459442"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the \"type\" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41242"
},
{
"category": "external",
"summary": "RHBZ#2459442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75",
"url": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956",
"url": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5",
"url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1",
"url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg",
"url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg"
}
],
"release_date": "2026-04-18T16:18:10.652000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields"
},
{
"cve": "CVE-2026-41674",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2026-05-07T05:01:25.803044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467620"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmldom: xmldom: Arbitrary XML markup injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41674"
},
{
"category": "external",
"summary": "RHBZ#2467620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314",
"url": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
"url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
},
{
"category": "external",
"summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h",
"url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"
}
],
"release_date": "2026-05-07T03:47:51.140000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmldom: xmldom: Arbitrary XML markup injection"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T13:41:05+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:51671ad52a7a212954d04773ac544807db4d1a67f1272d992e8bee8630d0f0c3_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:82074d1783ef678fd9ee24592a40deebdd3a3d8bac65253141aca2a35a8e712d_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:eab7750691c87ec2609983cbccd7476e7e0313d9b30a707b687ea05adf092413_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:21655
Vulnerability from csaf_redhat - Published: 2026-06-03 14:28 - Updated: 2026-07-13 23:20The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.18.43. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:21657\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21655",
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21655.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.43 packages and security update",
"tracking": {
"current_release_date": "2026-07-13T23:20:28+00:00",
"generator": {
"date": "2026-07-13T23:20:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:21655",
"initial_release_date": "2026-06-03T14:28:37+00:00",
"revision_history": [
{
"date": "2026-06-03T14:28:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T14:28:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:20:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"product": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"product_id": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-9.rhaos4.18.el8?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-12.rhaos4.18.el8.src",
"product": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.src",
"product_id": "podman-5:5.2.2-12.rhaos4.18.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-12.rhaos4.18.el8?arch=src\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el8.src",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.src",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el8?arch=src\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"product_id": "skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.18.el8?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-20.rhaos4.18.el9.src",
"product": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.src",
"product_id": "podman-5:5.2.2-20.rhaos4.18.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-20.rhaos4.18.el9?arch=src\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el9.src",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.src",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el9?arch=src\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"product": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"product_id": "skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-6.rhaos4.18.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_id": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-9.rhaos4.18.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-9.rhaos4.18.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-9.rhaos4.18.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_id": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-12.rhaos4.18.el8?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.18.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.18.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_id": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-20.rhaos4.18.el9?arch=x86_64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_id": "skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-6.rhaos4.18.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_id": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-6.rhaos4.18.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_id": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-6.rhaos4.18.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_id": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-6.rhaos4.18.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_id": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-9.rhaos4.18.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-9.rhaos4.18.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-9.rhaos4.18.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_id": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-12.rhaos4.18.el8?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.18.el8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.18.el8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_id": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-20.rhaos4.18.el9?arch=aarch64\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_id": "skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-6.rhaos4.18.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_id": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-6.rhaos4.18.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_id": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-6.rhaos4.18.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_id": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-6.rhaos4.18.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_id": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-9.rhaos4.18.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-9.rhaos4.18.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-9.rhaos4.18.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_id": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-12.rhaos4.18.el8?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product_id": "skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.18.el8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.18.el8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_id": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-20.rhaos4.18.el9?arch=ppc64le\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_id": "skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_id": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_id": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_id": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-6.rhaos4.18.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"product": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_id": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-9.rhaos4.18.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-9.rhaos4.18.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-9.rhaos4.18.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_id": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-12.rhaos4.18.el8?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"product_id": "skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.18.el8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.18.el8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_id": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@5.2.2-20.rhaos4.18.el9?arch=s390x\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"product": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_id": "runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-6.rhaos4.18.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_id": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-6.rhaos4.18.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_id": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-6.rhaos4.18.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_id": "skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-6.rhaos4.18.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"product": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_id": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-6.rhaos4.18.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"product": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_id": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-6.rhaos4.18.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_id": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-6.rhaos4.18.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"product": {
"name": "podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"product_id": "podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.2.2-12.rhaos4.18.el8?arch=noarch\u0026epoch=5"
}
}
},
{
"category": "product_version",
"name": "podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"product": {
"name": "podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"product_id": "podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@5.2.2-20.rhaos4.18.el9?arch=noarch\u0026epoch=5"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x"
},
"product_reference": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src"
},
"product_reference": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src"
},
"product_reference": "podman-5:5.2.2-12.rhaos4.18.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch"
},
"product_reference": "podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64"
},
"product_reference": "podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le"
},
"product_reference": "podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x"
},
"product_reference": "podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64"
},
"product_reference": "podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src"
},
"product_reference": "podman-5:5.2.2-20.rhaos4.18.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch"
},
"product_reference": "podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64"
},
"product_reference": "podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le"
},
"product_reference": "podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x"
},
"product_reference": "podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64"
},
"product_reference": "podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64"
},
"product_reference": "runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64"
},
"product_reference": "skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x"
},
"product_reference": "skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.src as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src"
},
"product_reference": "skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64"
},
"product_reference": "skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x"
},
"product_reference": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64"
},
"product_reference": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le"
},
"product_reference": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x"
},
"product_reference": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
},
"product_reference": "skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:37+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:37+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:containernetworking-plugins-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debuginfo-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:containernetworking-plugins-debugsource-1:1.4.0-9.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:podman-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-catatonit-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-debugsource-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-docker-5:5.2.2-12.rhaos4.18.el8.noarch",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-gvproxy-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:podman-tests-5:5.2.2-12.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.src",
"8Base-RHOSE-4.18:skopeo-2:1.16.1-5.rhaos4.18.el8.x86_64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.aarch64",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.ppc64le",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.s390x",
"8Base-RHOSE-4.18:skopeo-tests-2:1.16.1-5.rhaos4.18.el8.x86_64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:podman-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-debugsource-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-docker-5:5.2.2-20.rhaos4.18.el9.noarch",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-plugins-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-remote-debuginfo-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:podman-tests-5:5.2.2-20.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:runc-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debuginfo-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:runc-debugsource-4:1.2.9-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.src",
"9Base-RHOSE-4.18:skopeo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debuginfo-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-debugsource-2:1.16.1-6.rhaos4.18.el9.x86_64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.aarch64",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.ppc64le",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.s390x",
"9Base-RHOSE-4.18:skopeo-tests-2:1.16.1-6.rhaos4.18.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:21769
Vulnerability from csaf_redhat - Published: 2026-05-28 20:39 - Updated: 2026-07-13 23:31No description is available for this CVE.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21769",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21769.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update",
"tracking": {
"current_release_date": "2026-07-13T23:31:33+00:00",
"generator": {
"date": "2026-07-13T23:31:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:21769",
"initial_release_date": "2026-05-28T20:39:36+00:00",
"revision_history": [
{
"date": "2026-05-28T20:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-28T20:39:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:31:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ad91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ab70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779837290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ac985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Afc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Afb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Aeaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ae26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adf44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Abb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Acffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:21772
Vulnerability from csaf_redhat - Published: 2026-05-28 21:29 - Updated: 2026-07-13 23:31A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, potentially leading to disclosure of sensitive information or the manipulation of directory search queries.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustion can result in a Denial of Service (DoS), making the server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in markdown-it. A remote attacker can exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted input containing a long sequence of asterisk characters followed by a non-matching character to the `linkify` function. This triggers excessive backtracking in the regular expression, leading to a denial-of-service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft `CompositeVerifier` implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially compromising the authenticity and integrity of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in express-rate-limit. The default key generator incorrectly applies IPv6 subnet masking to IPv4-mapped IPv6 addresses, which are used when an IPv4 client connects to a dual-stack server. This misconfiguration causes all IPv4 traffic to be treated as a single entity for rate limiting. Consequently, a remote attacker can exhaust the rate limit with a single client, leading to a Denial of Service (DoS) for all other IPv4 clients by causing them to receive HTTP 429 errors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in tar. An attacker can exploit this vulnerability by crafting a malicious tar archive containing a drive-relative symlink. This symlink, such as C:../../../target.txt, can trick the tar utility into writing files outside the intended extraction directory during normal archive extraction, leading to unauthorized file overwrite.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote attacker can exploit this vulnerability by sending fragmented ClientHello packets during the Transport Layer Security (TLS) handshake. This causes Traefik's Server Name Indication (SNI) extraction to fail, leading to a fallback to a default TLS configuration that does not require client certificates. This allows an attacker to bypass mutual TLS (mTLS) authentication, gaining unauthorized access to services that should be protected by client certificate requirements.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard `encoding/json` package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site `POST` requests to a local server without proper validation of the `Origin` header or `Content-Type`, an attacker can potentially trigger unauthorized tool execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
A flaw was found in the Model Context Protocol (MCP) Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP server. Consequently, an attacker could invoke tools or access resources exposed by the MCP server on behalf of the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik's ForwardAuth middleware when the `trustForwardHeader` setting is configured as `false` and Traefik is deployed behind a trusted upstream proxy. A remote attacker could exploit this to bypass authentication, potentially gaining unauthorized access to protected resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instead of dashes. This allows an attacker to bypass authentication on protected routes without valid credentials.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Thymeleaf, a server-side Java template engine. An unauthenticated remote attacker can exploit a security bypass vulnerability in the expression execution mechanisms. By providing unvalidated user input directly to the template engine, the attacker can bypass the library's protections, leading to Server-Side Template Injection (SSTI). This allows access to potentially sensitive objects from within a template.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Thymeleaf, a server-side Java template engine. An unauthenticated remote attacker can exploit this vulnerability by providing unvalidated user input to the template engine. This bypasses existing security mechanisms, allowing for the execution of unauthorized expressions and leading to Server-Side Template Injection (SSTI).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME (Automated Certificate Management Environment) server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing directory traversal sequences, the server can cause lego to write or delete files in arbitrary locations on the system where lego is running, potentially leading to system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth, or DigestAuth. By crafting a specific URL with dot-segments, an attacker can bypass authentication checks and gain unauthorized access to sensitive resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to remote code execution in the remote application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the `ApplicationTemp` directory due to predictable temporary directory handling. When the `server.servlet.session.persistent` setting is enabled and the attack persists across application restarts, this could allow the attacker to read session information, hijack authenticated user sessions, or execute arbitrary code as the application's user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Spring Boot. The `${random.value}` property source utilizes a weak pseudo-random number generator (PRNG), meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information disclosure or a security bypass if they are used in sensitive applications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.28.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.28 release is based on Eclipse Che 7.117 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21772",
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14813",
"url": "https://access.redhat.com/security/cve/CVE-2025-14813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0636",
"url": "https://access.redhat.com/security/cve/CVE-2026-0636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1525",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1605",
"url": "https://access.redhat.com/security/cve/CVE-2026-1605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2327",
"url": "https://access.redhat.com/security/cve/CVE-2026-2327"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30827",
"url": "https://access.redhat.com/security/cve/CVE-2026-30827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31802",
"url": "https://access.redhat.com/security/cve/CVE-2026-31802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32141",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32305",
"url": "https://access.redhat.com/security/cve/CVE-2026-32305"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33252",
"url": "https://access.redhat.com/security/cve/CVE-2026-33252"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34742",
"url": "https://access.redhat.com/security/cve/CVE-2026-34742"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35051",
"url": "https://access.redhat.com/security/cve/CVE-2026-35051"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39858",
"url": "https://access.redhat.com/security/cve/CVE-2026-39858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40477",
"url": "https://access.redhat.com/security/cve/CVE-2026-40477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40478",
"url": "https://access.redhat.com/security/cve/CVE-2026-40478"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40611",
"url": "https://access.redhat.com/security/cve/CVE-2026-40611"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40912",
"url": "https://access.redhat.com/security/cve/CVE-2026-40912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40972",
"url": "https://access.redhat.com/security/cve/CVE-2026-40972"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40973",
"url": "https://access.redhat.com/security/cve/CVE-2026-40973"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40975",
"url": "https://access.redhat.com/security/cve/CVE-2026-40975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41240",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5588",
"url": "https://access.redhat.com/security/cve/CVE-2026-5588"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21772.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.",
"tracking": {
"current_release_date": "2026-07-13T23:31:34+00:00",
"generator": {
"date": "2026-07-13T23:31:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:21772",
"initial_release_date": "2026-05-28T21:29:20+00:00",
"revision_history": [
{
"date": "2026-05-28T21:29:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-28T21:29:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:31:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.28::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Ab86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1779814592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aa47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1779813519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1779805126"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Afd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1779341289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ace0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1779821829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1779817966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1779330003"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ae9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1779528224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Af53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1779824076"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Aaea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=1779837964"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1779359423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1779342423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1779786779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1779829736"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Acc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1779741226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Adc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1779741066"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1779814592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1779813519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1779805126"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1779341289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ad9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1779821829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1779817966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Aad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1779330003"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Afe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1779528224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1779824076"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ad0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1779359423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1779342423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1779786779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Ad991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1779829736"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1779741226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Aba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1779741066"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Ad752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1779814592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1779813519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1779805126"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ae10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1779341289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ac694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1779821829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Ad23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1779817966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1779330003"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1779528224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1779824076"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ae16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1779359423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1779342423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1779786779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1779829736"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ab03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1779741226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1779741066"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1779814592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1779813519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1779805126"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aadea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1779341289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Aefd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1779821829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1779817966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1779330003"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1779528224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1779824076"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1779359423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1779342423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Aaedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1779786779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1779829736"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1779741226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1779741066"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14813",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-15T10:01:27.769752+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458640"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to capture ciphertext encrypted by the `GOSTCTR` implementation where the `G3413CTRBlockCipher` processed more than 255 blocks of data, resulting in keystream reuse. An attack typically requires capturing these overlapping ciphertexts to perform cryptanalysis and uncover the underlying data.\nThe primary impact of this vulnerability is the potential loss of confidentiality for data encrypted by the `GOSTCTR` implementation. This can compromise encrypted communications or sensitive stored data by allowing an attacker to fully recover the plaintext.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14813"
},
{
"category": "external",
"summary": "RHBZ#2458640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458640"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14813"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813"
}
],
"release_date": "2026-04-15T08:56:34.057000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly limit the payload encrypted under a single key and Initialization Vector (IV) pair using the GOSTCTR implementation and G3413CTRBlockCipher to a maximum of 255 blocks. Alternatively, transition to a more secure, standardized and authenticated encryption mode.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-0636",
"cwe": {
"id": "CWE-90",
"name": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
},
"discovery_date": "2026-04-15T10:01:32.911938+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458641"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, potentially leading to disclosure of sensitive information or the manipulation of directory search queries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to submit crafted input to an application using the `LDAPStoreHelper` implementation for directory queries. An attack typically requires the application to pass the malicious input directly into a search filter, allowing the attacker to modify the resulting LDAP query.\nThe primary impact of this vulnerability is the loss of confidentiality and integrity for directory data. This can allow an attacker to bypass search restrictions and manipulate directory results, potentially leading to unauthorized access or privilege escalation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0636"
},
{
"category": "external",
"summary": "RHBZ#2458641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde",
"url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
}
],
"release_date": "2026-04-15T08:59:12.677000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this flaw, sanitize all user-supplied input to remove or escape LDAP special characters before passing it to the LDAPStoreHelper for directory queries. If the input contains unexpected metacharacters such as asterisks, parentheses or backslashes, reject the request or escape the characters.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java"
},
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-1605",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-05T11:00:57.250283+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server\u0027s response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustion can result in a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1605"
},
{
"category": "external",
"summary": "RHBZ#2444815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1605"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f"
}
],
"release_date": "2026-03-05T09:39:01.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-2327",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-12T06:00:49.531803+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439272"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in markdown-it. A remote attacker can exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted input containing a long sequence of asterisk characters followed by a non-matching character to the `linkify` function. This triggers excessive backtracking in the regular expression, leading to a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "markdown-it: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2327"
},
{
"category": "external",
"summary": "RHBZ#2439272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2327"
},
{
"category": "external",
"summary": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917",
"url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
},
{
"category": "external",
"summary": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33",
"url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33"
},
{
"category": "external",
"summary": "https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26",
"url": "https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-10666750",
"url": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-10666750"
}
],
"release_date": "2026-02-12T05:00:07.369000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "markdown-it: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function"
},
{
"cve": "CVE-2026-5588",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-04-15T10:00:59.672015+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft `CompositeVerifier` implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially compromising the authenticity and integrity of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to submit a crafted payload or token containing an empty signature sequence to an application using the `CompositeVerifier` for cryptographic validation. An attack typically requires the application to process this malformed data and improperly accept the empty sequence as a valid signature, bypassing standard verification checks.\nThe primary impact of this vulnerability is the compromise of data authenticity and integrity, allowing an attacker to forge digital signatures and impersonate trusted entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5588"
},
{
"category": "external",
"summary": "RHBZ#2458634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5588",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
}
],
"release_date": "2026-04-15T09:06:15.617000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this flaw, check that the signature sequence is not empty before passing any data to the CompositeVerifier for cryptographic validation. If the sequence is empty or null, explicitly reject the payload before it is processed.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30827",
"cwe": {
"id": "CWE-1389",
"name": "Incorrect Parsing of Numbers with Different Radices"
},
"discovery_date": "2026-03-07T06:01:06.325390+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in express-rate-limit. The default key generator incorrectly applies IPv6 subnet masking to IPv4-mapped IPv6 addresses, which are used when an IPv4 client connects to a dual-stack server. This misconfiguration causes all IPv4 traffic to be treated as a single entity for rate limiting. Consequently, a remote attacker can exhaust the rate limit with a single client, leading to a Denial of Service (DoS) for all other IPv4 clients by causing them to receive HTTP 429 errors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express-rate-limit: express-rate-limit: Denial of Service for IPv4 clients due to incorrect IPv6 subnet masking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30827"
},
{
"category": "external",
"summary": "RHBZ#2445429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30827",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30827"
},
{
"category": "external",
"summary": "https://github.com/express-rate-limit/express-rate-limit/commit/14e53888cdfd1b9798faf5b634c4206409e27fc4",
"url": "https://github.com/express-rate-limit/express-rate-limit/commit/14e53888cdfd1b9798faf5b634c4206409e27fc4"
},
{
"category": "external",
"summary": "https://github.com/express-rate-limit/express-rate-limit/security/advisories/GHSA-46wh-pxpv-q5gq",
"url": "https://github.com/express-rate-limit/express-rate-limit/security/advisories/GHSA-46wh-pxpv-q5gq"
}
],
"release_date": "2026-03-07T05:19:08.206000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Restrict network access to applications utilizing the express-rate-limit middleware to trusted clients or networks. Implementing firewall rules or network access controls can prevent untrusted actors from exploiting the shared rate-limit bucket vulnerability affecting IPv4-mapped IPv6 addresses on dual-stack servers.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express-rate-limit: express-rate-limit: Denial of Service for IPv4 clients due to incorrect IPv6 subnet masking"
},
{
"cve": "CVE-2026-31802",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-09T22:01:31.563825+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in tar. An attacker can exploit this vulnerability by crafting a malicious tar archive containing a drive-relative symlink. This symlink, such as C:../../../target.txt, can trick the tar utility into writing files outside the intended extraction directory during normal archive extraction, leading to unauthorized file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: tar: File overwrite via drive-relative symlink traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact vulnerability. The tar utility is susceptible to unauthorized file overwrites when processing specially crafted archives containing drive-relative symlinks. As such, it primarily affects integrity (since it can overwrite files and file contents), with no clear indication that availability or confidentiality may be affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31802"
},
{
"category": "external",
"summary": "RHBZ#2445881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31802"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad",
"url": "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256"
}
],
"release_date": "2026-03-09T21:11:56.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: tar: File overwrite via drive-relative symlink traversal"
},
{
"cve": "CVE-2026-32141",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T19:01:30.987208+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447083"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "RHBZ#2447083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/pull/88",
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"release_date": "2026-03-12T18:08:09.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32305",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-03-20T11:02:42.394091+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote attacker can exploit this vulnerability by sending fragmented ClientHello packets during the Transport Layer Security (TLS) handshake. This causes Traefik\u0027s Server Name Indication (SNI) extraction to fail, leading to a fallback to a default TLS configuration that does not require client certificates. This allows an attacker to bypass mutual TLS (mTLS) authentication, gaining unauthorized access to services that should be protected by client certificate requirements.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Traefik: github.com/traefik/traefik: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32305"
},
{
"category": "external",
"summary": "RHBZ#2449595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32305"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.41",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.41"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.11",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.11"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2",
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48"
}
],
"release_date": "2026-03-20T10:01:13.620000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate unauthorized access, restrict network access to the Traefik instance to only trusted clients and networks. Implement firewall rules to limit inbound connections to the ports Traefik listens on for mTLS-protected services. For example, using `firewalld`, specific source IP addresses or networks can be allowed. After applying firewall rules, ensure the firewall service is reloaded for changes to take effect. This reduces the attack surface by preventing untrusted external access to the Traefik instance.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Traefik: github.com/traefik/traefik: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello."
},
{
"cve": "CVE-2026-33252",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-03-24T00:01:27.617763+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go MCP SDK\u0027s Streamable HTTP transport, which uses Go\u0027s standard `encoding/json` package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site `POST` requests to a local server without proper validation of the `Origin` header or `Content-Type`, an attacker can potentially trigger unauthorized tool execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33252"
},
{
"category": "external",
"summary": "RHBZ#2450542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33252"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc",
"url": "https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8",
"url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-89xv-2j6f-qhc8"
}
],
"release_date": "2026-03-23T23:44:16.106000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that deployments utilizing the Go MCP SDK are configured with proper authorization mechanisms. This prevents unauthorized cross-site requests from triggering tool execution. Additionally, restrict network access to the local server running the SDK to trusted sources only, using firewall rules to limit exposure.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-34742",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2026-04-02T19:06:39.830253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2454608"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Model Context Protocol (MCP) Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP server. Consequently, an attacker could invoke tools or access resources exposed by the MCP server on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/modelcontextprotocol/go-sdk: Model Context Protocol (MCP) Go SDK: DNS rebinding vulnerability allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34742"
},
{
"category": "external",
"summary": "RHBZ#2454608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34742",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34742"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34742",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34742"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/commit/67bd3f2e2b53ce11a16db8d976cdb8ff1e986b6d",
"url": "https://github.com/modelcontextprotocol/go-sdk/commit/67bd3f2e2b53ce11a16db8d976cdb8ff1e986b6d"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/pull/760",
"url": "https://github.com/modelcontextprotocol/go-sdk/pull/760"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/releases/tag/v1.4.0",
"url": "https://github.com/modelcontextprotocol/go-sdk/releases/tag/v1.4.0"
},
{
"category": "external",
"summary": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-xw59-hvm2-8pj6",
"url": "https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-xw59-hvm2-8pj6"
}
],
"release_date": "2026-04-02T18:32:34.781000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/modelcontextprotocol/go-sdk: Model Context Protocol (MCP) Go SDK: DNS rebinding vulnerability allows unauthorized access"
},
{
"cve": "CVE-2026-35051",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-04-30T21:01:28.437993+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464235"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik\u0027s ForwardAuth middleware when the `trustForwardHeader` setting is configured as `false` and Traefik is deployed behind a trusted upstream proxy. A remote attacker could exploit this to bypass authentication, potentially gaining unauthorized access to protected resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Traefik: github.com/traefik/traefik: Traefik: Authentication bypass in ForwardAuth middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35051"
},
{
"category": "external",
"summary": "RHBZ#2464235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35051"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.43",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.14",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2",
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-6384-m2mw-rf54",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-6384-m2mw-rf54"
}
],
"release_date": "2026-04-30T20:26:06.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the `trustForwardHeader` setting in Traefik\u0027s ForwardAuth middleware is not explicitly configured as `false` unless absolutely necessary. If Traefik is deployed behind a trusted upstream proxy, review the configuration to ensure that `trustForwardHeader` is either set to `true` or omitted, allowing Traefik to correctly process forwarded headers for authentication. If this configuration is modified, a restart or reload of the Traefik service may be required for the changes to take effect.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Traefik: github.com/traefik/traefik: Traefik: Authentication bypass in ForwardAuth middleware"
},
{
"cve": "CVE-2026-39858",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-04-30T21:01:23.755037+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464234"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik\u0027s forwarded-header sanitization logic not properly handling alias header names that use underscores instead of dashes. This allows an attacker to bypass authentication on protected routes without valid credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Authentication bypass via unsanitized alias headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39858"
},
{
"category": "external",
"summary": "RHBZ#2464234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39858"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.43",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.14",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2",
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-5m6w-wvh7-57vm",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-5m6w-wvh7-57vm"
}
],
"release_date": "2026-04-30T20:26:26.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "traefik: Traefik: Authentication bypass via unsanitized alias headers"
},
{
"cve": "CVE-2026-40477",
"cwe": {
"id": "CWE-917",
"name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
},
"discovery_date": "2026-04-17T23:00:52.793546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Thymeleaf, a server-side Java template engine. An unauthenticated remote attacker can exploit a security bypass vulnerability in the expression execution mechanisms. By providing unvalidated user input directly to the template engine, the attacker can bypass the library\u0027s protections, leading to Server-Side Template Injection (SSTI). This allows access to potentially sensitive objects from within a template.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40477"
},
{
"category": "external",
"summary": "RHBZ#2459344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40477"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40477",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40477"
},
{
"category": "external",
"summary": "https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-r4v4-5mwr-2fwr",
"url": "https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-r4v4-5mwr-2fwr"
}
],
"release_date": "2026-04-17T21:53:47.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution"
},
{
"cve": "CVE-2026-40478",
"cwe": {
"id": "CWE-917",
"name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
},
"discovery_date": "2026-04-17T23:01:08.580532+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459349"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Thymeleaf, a server-side Java template engine. An unauthenticated remote attacker can exploit this vulnerability by providing unvalidated user input to the template engine. This bypasses existing security mechanisms, allowing for the execution of unauthorized expressions and leading to Server-Side Template Injection (SSTI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40478"
},
{
"category": "external",
"summary": "RHBZ#2459349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40478"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40478",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40478"
},
{
"category": "external",
"summary": "https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-xjw8-8c5c-9r79",
"url": "https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-xjw8-8c5c-9r79"
}
],
"release_date": "2026-04-17T21:57:01.560000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "The vulnerability arises when unvalidated user input is directly passed to the Thymeleaf template engine. To mitigate this, application developers should implement robust input validation and sanitization for all user-supplied data before it is processed by the Thymeleaf template engine. This ensures that malicious expressions cannot be executed.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass"
},
{
"cve": "CVE-2026-40611",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-21T20:01:57.383011+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460233"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lego, the Let\u0027s Encrypt client and ACME library written in Go. A malicious ACME (Automated Certificate Management Environment) server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing directory traversal sequences, the server can cause lego to write or delete files in arbitrary locations on the system where lego is running, potentially leading to system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-acme/lego: Lego: Arbitrary file write and deletion via path traversal from a malicious ACME server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The `lego` client, utilized in Red Hat OpenShift Dev Spaces, is susceptible to a path traversal vulnerability within its webroot HTTP-01 challenge provider. A malicious ACME server could exploit this flaw by sending a specially crafted challenge token, enabling arbitrary file write or deletion on the system running `lego`. The impact of this flaw is directly limited to the level of privileges the process running the `lego` client has, since the attacker would be able to create, write or delete only files that the lego\u0027s running UID has permission to perform the analogue operation.\n\nTo exploit this vulnerability the user needs to be tricked to connect to a malicious ACME server or the attacker needs to firstly compromise the ACME server to send the crafted challenge token in order to trigger the path traversal vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40611"
},
{
"category": "external",
"summary": "RHBZ#2460233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460233"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40611"
},
{
"category": "external",
"summary": "https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8",
"url": "https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8"
}
],
"release_date": "2026-04-21T17:58:35.221000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the `lego` client only interacts with trusted ACME servers. Additionally, run the `lego` process with the least necessary privileges and in a restricted environment to limit the potential impact of arbitrary file operations. This may involve containerization or specific filesystem access controls.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-acme/lego: Lego: Arbitrary file write and deletion via path traversal from a malicious ACME server"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-40912",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-30T21:01:06.544377+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth, or DigestAuth. By crafting a specific URL with dot-segments, an attacker can bypass authentication checks and gain unauthorized access to sensitive resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik: Authentication bypass via crafted URL dot-segments in StripPrefixRegex middleware",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40912"
},
{
"category": "external",
"summary": "RHBZ#2464229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40912"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.43",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.14",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2",
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847"
}
],
"release_date": "2026-04-30T20:38:21.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik: Authentication bypass via crafted URL dot-segments in StripPrefixRegex middleware"
},
{
"cve": "CVE-2026-40972",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-04-28T00:02:02.075124+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to remote code execution in the remote application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40972"
},
{
"category": "external",
"summary": "RHBZ#2463332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40972"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40972",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40972"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2026-40972",
"url": "https://spring.io/security/cve-2026-40972"
}
],
"release_date": "2026-04-27T23:15:19.194000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the Spring Boot DevTools remote functionality in production environments. This feature is primarily intended for development and should not be enabled in publicly accessible deployments.\n\nTo disable remote DevTools, ensure the `spring.devtools.remote.secret` property is not configured, or explicitly set `spring.devtools.remote.enabled=false` in your application\u0027s `application.properties` or `application.yml` file.\n\nExample for `application.properties`:\n`spring.devtools.remote.enabled=false`\n\nDisabling this feature may impact development workflows that rely on remote DevTools capabilities. A restart of the application is required for the changes to take effect.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison"
},
{
"cve": "CVE-2026-40973",
"cwe": {
"id": "CWE-341",
"name": "Predictable from Observable State"
},
"discovery_date": "2026-04-28T00:01:55.408040+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the `ApplicationTemp` directory due to predictable temporary directory handling. When the `server.servlet.session.persistent` setting is enabled and the attack persists across application restarts, this could allow the attacker to read session information, hijack authenticated user sessions, or execute arbitrary code as the application\u0027s user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40973"
},
{
"category": "external",
"summary": "RHBZ#2463330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40973"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2026-40973",
"url": "https://spring.io/security/cve-2026-40973"
}
],
"release_date": "2026-04-27T23:29:51.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the `server.servlet.session.persistent` property is set to `false` in your Spring Boot application\u0027s configuration. This prevents session information from being written to the predictable temporary directory, thereby removing the conditions necessary for exploitation. Disabling persistent sessions may affect application behavior that relies on session data surviving restarts.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory"
},
{
"cve": "CVE-2026-40975",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-04-28T00:01:58.716976+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot. The `${random.value}` property source utilizes a weak pseudo-random number generator (PRNG), meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information disclosure or a security bypass if they are used in sensitive applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40975"
},
{
"category": "external",
"summary": "RHBZ#2463331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40975"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2026-40975",
"url": "https://spring.io/security/cve-2026-40975"
}
],
"release_date": "2026-04-27T23:32:58.596000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Applications utilizing Spring Boot should avoid using the `${random.value}` property for generating cryptographic secrets or other security-sensitive data. Developers should review their application configurations and code to ensure that only cryptographically strong random number generators are used for such purposes. For UUID generation, `${random.uuid}` is not affected and can be used.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure."
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T21:29:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:b86a03ffcc1fc359116cc0ca231c64e5d612f047d41b5a2d44d1f3a9d880c14b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cbe05937b330c830b280fcde70ddc04e76fc01770f519db54385e62d3cdc4365_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:cc5228f1a81ab52552eff2f4b4147affa898ffa429a49f7fb47ca394e892c482_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:d752b1a872d03c454c7a2e8a6141fe41df0a62d5e968be7a69f0203fefcb6559_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1a5fb68c1f62c66f2d62c3b6a3ef48ed902e59307b1a9e50c658132ee870f3cd_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:1d42bcfcf3be9fdb75625eb17ecc7b05d311ceb7e5db9b64a61b957a0dac2017_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:20e1309511f84fb268d23fc50ef0756dfc4fdb917b6647e6b09c24d59439288d_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a47056a230633c885e68ec24f4a0827e6ed6e295a16ab03ee7a4ef5ea1064254_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:4805d4c6d4c2d53d3515ad28ac35c6360413bef3dc5399ce328449b16bcac729_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:561ca113c28e37b1753d902d2f42dc698bfcbbc2f2e3eb5e0b4d549fb5593309_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:64e5a7d8b8ea5d4f4e9248ffe5ff1235897a6fb799e9ae80cc321730c6173b1a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:ae093c3335e1d3ebc56814a7482cf5783e6bf5bfab536b1e04dd88a74a8260e4_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:0f5532354d096fca2b4b51e1184c5d219d9c51880873482437ddf64c197ceb1f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:adea9256b3e9ff929f054325d167c4412c61d2d0e89b5975d751c261a3985414_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e10099e6dec84dd608b95679315fd09d6a8c377f57dabf68f5b3e1fdb12a10e5_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:fd8259ec2fe8fe72432e32186b2319bc0ef5eb1d25092b66b8f65dda04e783ac_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:aea41739b819bbf8d1bfbb67d82606f651c196fa31e44a55df0c54b9bbaba589_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0abb9413b448c31440bf42cdd876174b1534043011a68842c95d18baca978b65_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:32489db0d434bcd83578d77acb7c3e8cbbcb7458ffe47bc003423df9b2437133_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:586e3c00134033b5371c6eb5c839c65c89e7833918122db6ad6de7b286caf2da_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:f53eafc9e43fca96bad5352706b791476164902cf53261437642da9352b9e121_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:c694a1979337f1666efdc017209e7b3a77b9639f823086ce907c166f6120fa71_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:ce0df59b0323f22f213488878123cbce067b946a2ea600e9fc6d26f2ac9ad12e_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d9e4872d43f955438cd3f7bd7bc1498941e6e830ea156781f066fdd8ee892d8e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:efd2d59a47a3507c3cdbd8e890c6d9a0c868025659fccc67d3f718253fede591_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:1c79ec491dbdcb2dcd861df09d8cadb3b6db3743b614b65301020f4a2f6d39dd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2babef463b6f97f7befd13ea628baae2d4d893cc9f81158ff91d82cca428d801_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2d4c066361ac0ba3b0113a03d1b8710d9fe96b666f090853ed9a5bf8bd5aadea_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:d23f8c49b65d7f605c661c01183e2da4fa7ea6c34aa69a9d9b7f552aeb759945_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:49e24bc1bd333713715af7930958a6b01a595ff6320742c7c485f441e6385eb2_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:4f77d16fd69ef14da0a96ea0f0e05ca331fcfa5c88df7b51a5c8d95e86bdb913_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:7296dbe969621fa457003014943f4a109e913dfef63def00ac079eb700b51ecd_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ad3122a7a3fe50239ada2ef6ae9e085c6cf76baa1376fdcff3829d759a1064f3_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:341c8f0f91bd41d4bded00443cd7ab2ddab4972a5ee1ddff4dcbfcdd5c2764f4_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:94d4124c7884916fbce4af4655b8a5eef5b62df6a21afabf6461bbb898d895b9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:e9eef99fc45b2ce06fadacf3db85e6e2f1fbabb16afc250929387ce2589732c3_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:fe8c450b4f48bd6935495464a3c2a7bfcf29e2bee04d44f9e60344351c49b049_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:5f22f4a4c2de62f4569dcfbdf3650edc51aacee3b4cb6c49c87b25c6bf530b6c_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:82fe544aa4f03ca665ad23acbb5472032ccdb04fc9e96d77b3b8e764e544f846_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d0250c5ec7cd6f6a1584680bb23a9b86c7791a8b8176561b9d093301d41a6218_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:e16a96851641fe2f7a92889a3ca6e8357d4a8f762bdd5b6116332965fdbd3a19_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0ba5969eb9013d9d44e20c12fe0a510cf38ca6948ce1d61e087f4cb527044d72_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:0e2ef986cf3ec33b9df0ef362570fd536b2805da20d0e99b6fb25b053235d117_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:7868955f9a0266eb48a93cfb965e08fd8171a1e26f46c1e172e27cbd5db9a34f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:811c26489ddc1729faa31a91a4a1ca7f6486e3aec6b846f7d9cb3c353ac2fa50_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:3485ff167c400ce15935150104f4a3cf430bcf12cbf29f9b34674a94d381b7d6_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:36af8b9a1a82fb3f1db23701ba3c1d28c0e8d517e0b2c5f15802c30ed38335ff_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:992ea99b0f70663a8409fce0e498044cee5d09e379f45986602c3c9a10a664ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:aedada1f3dc1aae7c0314be8f91dcb55f2334dba587b274a0e51e12aa082287b_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:852bbc356fb837fd973beadc9394a528be22c6ed38810aec821e7fba15fbb059_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:9fef848f79f7157c9eb8433f7ffe25d7c6077bcfbb33aa7f6f773c5b39ae0f80_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:b03208e52022e91dd863090b47da35bea4ea1c4c835d30bbf49e2d7e589895b8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cc4113bcb89360970fd57421849664a8db402be0c55ebabef47a01724c7e36f2_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:35f3dd8ce6c805bd624df77da6788be8655cd934d9a307060608459f7a9249d8_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:6c6c03f1630e51959a47f2b3f24004c6d871f7035afd720e8ec6ea2c7f2173f9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:ba654706ac34dcedfd1ca31f3e77190d598e5d54d19c1b8d7eae8f67a924eef7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:dc74ddfbd325e06a2245681854942b461ab6eb919d1f2de62e4c89403e1ef8a1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:09d59e6aa6fb229afdebe446d5de28255af78bcfae328edfbd57b83e81b31557_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:977387ccbda9f2a6de9bcabd4256c2194e7e21dbdbaca842be4c37afd55b268f_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:d991c0ebd75cdd80cf18c4798b28c2b83a4962d7dc704d47d78e83439774c0e5_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:f038896c7e017a505e47d7d30aae8dea85d4573e271e41664e3bb020c3bd2be6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:22130
Vulnerability from csaf_redhat - Published: 2026-06-01 01:46 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22130",
"url": "https://access.redhat.com/errata/RHSA-2026:22130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22130.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:48+00:00",
"generator": {
"date": "2026-07-13T23:21:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22130",
"initial_release_date": "2026-06-01T01:46:42+00:00",
"revision_history": [
{
"date": "2026-06-01T01:46:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T01:46:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.8-5.el10_2.src",
"product": {
"name": "rhc-1:0.3.8-5.el10_2.src",
"product_id": "rhc-1:0.3.8-5.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.8-5.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.8-5.el10_2.aarch64",
"product": {
"name": "rhc-1:0.3.8-5.el10_2.aarch64",
"product_id": "rhc-1:0.3.8-5.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.8-5.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"product": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"product_id": "rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.8-5.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"product_id": "rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.8-5.el10_2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.8-5.el10_2.ppc64le",
"product": {
"name": "rhc-1:0.3.8-5.el10_2.ppc64le",
"product_id": "rhc-1:0.3.8-5.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.8-5.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"product_id": "rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.8-5.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"product_id": "rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.8-5.el10_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.8-5.el10_2.s390x",
"product": {
"name": "rhc-1:0.3.8-5.el10_2.s390x",
"product_id": "rhc-1:0.3.8-5.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.8-5.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"product": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"product_id": "rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.8-5.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"product": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"product_id": "rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.8-5.el10_2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.8-5.el10_2.x86_64",
"product": {
"name": "rhc-1:0.3.8-5.el10_2.x86_64",
"product_id": "rhc-1:0.3.8-5.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.8-5.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.8-5.el10_2.x86_64",
"product": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.x86_64",
"product_id": "rhc-debugsource-1:0.3.8-5.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.8-5.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"product_id": "rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.8-5.el10_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.8-5.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.aarch64"
},
"product_reference": "rhc-1:0.3.8-5.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.8-5.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.ppc64le"
},
"product_reference": "rhc-1:0.3.8-5.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.8-5.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.s390x"
},
"product_reference": "rhc-1:0.3.8-5.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.8-5.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.src"
},
"product_reference": "rhc-1:0.3.8-5.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.8-5.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.x86_64"
},
"product_reference": "rhc-1:0.3.8-5.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.s390x"
},
"product_reference": "rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.8-5.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.aarch64"
},
"product_reference": "rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.s390x"
},
"product_reference": "rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.8-5.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.x86_64"
},
"product_reference": "rhc-debugsource-1:0.3.8-5.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.src",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T01:46:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.src",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22130"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.src",
"AppStream-10.2.Z:rhc-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debuginfo-1:0.3.8-5.el10_2.x86_64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.aarch64",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.ppc64le",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.s390x",
"AppStream-10.2.Z:rhc-debugsource-1:0.3.8-5.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:22141
Vulnerability from csaf_redhat - Published: 2026-06-01 02:15 - Updated: 2026-07-13 23:31A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for multiple packages is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location.\n\nSecurity Fix(es):\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22141",
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22141.json"
}
],
"title": "Red Hat Security Advisory: go-fdo-client and go-fdo-server security update",
"tracking": {
"current_release_date": "2026-07-13T23:31:35+00:00",
"generator": {
"date": "2026-07-13T23:31:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22141",
"initial_release_date": "2026-06-01T02:15:37+00:00",
"revision_history": [
{
"date": "2026-06-01T02:15:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T02:15:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:31:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-fdo-server-0:1.0.1-2.el10_2.src",
"product": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.src",
"product_id": "go-fdo-server-0:1.0.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server@1.0.1-2.el10_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-0:1.0.0-4.el10_2.src",
"product": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.src",
"product_id": "go-fdo-client-0:1.0.0-4.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client@1.0.0-4.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"product": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"product_id": "go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server@1.0.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"product": {
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"product_id": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-debugsource@1.0.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"product": {
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"product_id": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-debuginfo@1.0.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"product": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"product_id": "go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client@1.0.0-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"product": {
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"product_id": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client-debugsource@1.0.0-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"product": {
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"product_id": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client-debuginfo@1.0.0-4.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"product": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"product_id": "go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server@1.0.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"product": {
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"product_id": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-debugsource@1.0.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"product": {
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"product_id": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-debuginfo@1.0.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"product": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"product_id": "go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client@1.0.0-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"product": {
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"product_id": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client-debugsource@1.0.0-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"product": {
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"product_id": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-client-debuginfo@1.0.0-4.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"product": {
"name": "go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"product_id": "go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-manufacturer@1.0.1-2.el10_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"product": {
"name": "go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"product_id": "go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-owner@1.0.1-2.el10_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch",
"product": {
"name": "go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch",
"product_id": "go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-fdo-server-rendezvous@1.0.1-2.el10_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64"
},
"product_reference": "go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src"
},
"product_reference": "go-fdo-client-0:1.0.0-4.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-0:1.0.0-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64"
},
"product_reference": "go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64"
},
"product_reference": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64"
},
"product_reference": "go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64"
},
"product_reference": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64"
},
"product_reference": "go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64"
},
"product_reference": "go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src"
},
"product_reference": "go-fdo-server-0:1.0.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-0:1.0.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64"
},
"product_reference": "go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64"
},
"product_reference": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64"
},
"product_reference": "go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64"
},
"product_reference": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64"
},
"product_reference": "go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch"
},
"product_reference": "go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-owner-0:1.0.1-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch"
},
"product_reference": "go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
},
"product_reference": "go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T02:15:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T02:15:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T02:15:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T02:15:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.src",
"AppStream-10.2.Z:go-fdo-client-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debuginfo-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-client-debugsource-0:1.0.0-4.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.src",
"AppStream-10.2.Z:go-fdo-server-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debuginfo-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.aarch64",
"AppStream-10.2.Z:go-fdo-server-debugsource-0:1.0.1-2.el10_2.x86_64",
"AppStream-10.2.Z:go-fdo-server-manufacturer-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-owner-0:1.0.1-2.el10_2.noarch",
"AppStream-10.2.Z:go-fdo-server-rendezvous-0:1.0.1-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.