Vulnerability-Lookup

RHSA-2026:15979

Vulnerability from csaf_redhat - Published: 2026-05-11 11:23 - Updated: 2026-05-14 07:51

Summary

Red Hat Security Advisory: Red Hat Ceph Storage

Severity

Important

Notes

Topic: A new version of Red Hat build of Ceph Storage has been released

Details: The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1. This release updates to the latest version.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-13033

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix Workaround

Known not affected 24 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2025-47914

A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix

Known not affected 24 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le		—

Threats

Impact Moderate

CVE-2025-58181

A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix

Known not affected 24 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le		—

Threats

Impact Moderate

CVE-2025-61729

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix

Known not affected 24 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64		—
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le		—

Threats

Impact Important

CVE-2025-64718

A prototype pollution flaw has been discovered in the js-yaml npm library. It's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix Workaround

Known not affected 24 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2025-64756

A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix Workaround

Known not affected 24 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le	—	Workaround

Threats

Impact Important

CVE-2025-68156

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64	—	Vendor Fix fix Workaround

Known not affected 24 products

Product	Version	Remediation
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64	—	Workaround
Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le	—	Workaround

Threats

Impact Important

References

59 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:15979	self
https://access.redhat.com/security/cve/CVE-2025-13033	external
https://access.redhat.com/security/cve/CVE-2025-47914	external
https://access.redhat.com/security/cve/CVE-2025-58181	external
https://access.redhat.com/security/cve/CVE-2025-61729	external
https://access.redhat.com/security/cve/CVE-2025-64718	external
https://access.redhat.com/security/cve/CVE-2025-64756	external
https://access.redhat.com/security/cve/CVE-2025-68156	external
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-13033	self
https://bugzilla.redhat.com/show_bug.cgi?id=2402179	external
https://www.cve.org/CVERecord?id=CVE-2025-13033	external
https://nvd.nist.gov/vuln/detail/CVE-2025-13033	external
https://github.com/nodemailer/nodemailer	external
https://github.com/nodemailer/nodemailer/commit/1…	external
https://github.com/nodemailer/nodemailer/security…	external
https://access.redhat.com/security/cve/CVE-2025-47914	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416000	external
https://www.cve.org/CVERecord?id=CVE-2025-47914	external
https://nvd.nist.gov/vuln/detail/CVE-2025-47914	external
https://go.dev/cl/721960	external
https://go.dev/issue/76364	external
https://groups.google.com/g/golang-announce/c/w-o…	external
https://pkg.go.dev/vuln/GO-2025-4135	external
https://access.redhat.com/security/cve/CVE-2025-58181	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415997	external
https://www.cve.org/CVERecord?id=CVE-2025-58181	external
https://nvd.nist.gov/vuln/detail/CVE-2025-58181	external
https://go.dev/cl/721961	external
https://go.dev/issue/76363	external
https://pkg.go.dev/vuln/GO-2025-4134	external
https://access.redhat.com/security/cve/CVE-2025-61729	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418462	external
https://www.cve.org/CVERecord?id=CVE-2025-61729	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61729	external
https://go.dev/cl/725920	external
https://go.dev/issue/76445	external
https://groups.google.com/g/golang-announce/c/8FJ…	external
https://pkg.go.dev/vuln/GO-2025-4155	external
https://access.redhat.com/security/cve/CVE-2025-64718	self
https://bugzilla.redhat.com/show_bug.cgi?id=2414854	external
https://www.cve.org/CVERecord?id=CVE-2025-64718	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64718	external
https://github.com/nodeca/js-yaml/commit/383665ff…	external
https://github.com/nodeca/js-yaml/security/adviso…	external
https://access.redhat.com/security/cve/CVE-2025-64756	self
https://bugzilla.redhat.com/show_bug.cgi?id=2415451	external
https://www.cve.org/CVERecord?id=CVE-2025-64756	external
https://nvd.nist.gov/vuln/detail/CVE-2025-64756	external
https://github.com/isaacs/node-glob/commit/47473c…	external
https://github.com/isaacs/node-glob/security/advi…	external
https://access.redhat.com/security/cve/CVE-2025-68156	self
https://bugzilla.redhat.com/show_bug.cgi?id=2422891	external
https://www.cve.org/CVERecord?id=CVE-2025-68156	external
https://nvd.nist.gov/vuln/detail/CVE-2025-68156	external
https://github.com/expr-lang/expr/pull/870	external
https://github.com/expr-lang/expr/security/adviso…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new version of Red Hat build of Ceph Storage has been released",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:15979",
        "url": "https://access.redhat.com/errata/RHSA-2026:15979"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-13033",
        "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
        "url": "https://access.redhat.com/security/cve/CVE-2025-47914"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58181"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64718",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64718"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68156"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
        "url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_15979.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Ceph Storage",
    "tracking": {
      "current_release_date": "2026-05-14T07:51:48+00:00",
      "generator": {
        "date": "2026-05-14T07:51:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.9"
        }
      },
      "id": "RHSA-2026:15979",
      "initial_release_date": "2026-05-11T11:23:46+00:00",
      "revision_history": [
        {
          "date": "2026-05-11T11:23:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-11T11:23:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T07:51:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 8.1",
                "product": {
                  "name": "Red Hat Ceph Storage 8.1",
                  "product_id": "Red Hat Ceph Storage 8.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256%3A3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256%3A2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
                  "product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ae0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ab2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256%3Ac27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256%3Aaeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
                  "product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3Af76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-8-rhel9@sha256%3Af7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256%3Aa6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256%3Afa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
                  "product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
                  "product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
                  "product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-8-rhel9@sha256%3A5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel9@sha256%3A67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel9@sha256%3A02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Acbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-8-rhel9@sha256%3Adf6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Abf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le as a component of Red Hat Ceph Storage 8.1",
          "product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 8.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13033",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-10-07T15:03:14.483722+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402179"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability allows an attacker to force nodemailer to send an email to an attacker-owned email address by leveraging the incorrect handling of quoted local-parts containing the \u0027@\u0027 character in the destination email address. When successfully exploited, this vulnerability may allow an attacker to exfiltrate data by misrouting emails to an unintended domain, presenting a high impact on data confidentiality.\n\nThis vulnerability has been assessed as having a Moderate impact on Red Hat Products by the Red Hat Product Security team. This is because for an attacker successfully exploit this vulnerability, the malicious actor needs to have direct control over the destination email input.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402179",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodemailer/nodemailer",
          "url": "https://github.com/nodemailer/nodemailer"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626",
          "url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87",
          "url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
        }
      ],
      "release_date": "2025-10-07T13:42:02+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "category": "workaround",
          "details": "Currently there\u0027s no available mitigation for this flaw.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict"
    },
    {
      "cve": "CVE-2025-47914",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-11-19T21:01:06.202641+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416000"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47914"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416000",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/721960",
          "url": "https://go.dev/cl/721960"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76364",
          "url": "https://go.dev/issue/76364"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4135",
          "url": "https://pkg.go.dev/vuln/GO-2025-4135"
        }
      ],
      "release_date": "2025-11-19T20:33:43.126000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
    },
    {
      "cve": "CVE-2025-58181",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-11-19T21:00:50.197590+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415997"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58181"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415997",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/721961",
          "url": "https://go.dev/cl/721961"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76363",
          "url": "https://go.dev/issue/76363"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4134",
          "url": "https://pkg.go.dev/vuln/GO-2025-4134"
        }
      ],
      "release_date": "2025-11-19T20:33:42.795000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2025-64718",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2025-11-13T16:01:24.744054+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2414854"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A prototype pollution flaw has been discovered in the js-yaml npm library. It\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "js-yaml: js-yaml prototype pollution in merge",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64718"
        },
        {
          "category": "external",
          "summary": "RHBZ#2414854",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414854"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
          "url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
          "url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
        }
      ],
      "release_date": "2025-11-13T15:32:44.634000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "js-yaml: js-yaml prototype pollution in merge"
    },
    {
      "cve": "CVE-2025-64756",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2025-11-17T18:01:28.077927+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2415451"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "RHBZ#2415451",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        }
      ],
      "release_date": "2025-11-17T17:29:08.029000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "cve": "CVE-2025-68156",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-16T19:01:42.049157+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2422891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
          "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68156"
        },
        {
          "category": "external",
          "summary": "RHBZ#2422891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
        },
        {
          "category": "external",
          "summary": "https://github.com/expr-lang/expr/pull/870",
          "url": "https://github.com/expr-lang/expr/pull/870"
        },
        {
          "category": "external",
          "summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
          "url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
        }
      ],
      "release_date": "2025-12-16T18:24:11.648000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-11T11:23:46+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
          "product_ids": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
            "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
    }
  ]
}

CVE-2025-68156 (GCVE-0-2025-68156)

Vulnerability from cvelistv5 – Published: 2025-12-16 18:24 – Updated: 2025-12-16 19:59

Title

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Summary

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expr-lang/expr/security/adviso…	x_refsource_CONFIRM
https://github.com/expr-lang/expr/pull/870	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expr-lang	expr	Affected: < 1.17.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T19:58:48.969218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T19:59:24.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "expr",
          "vendor": "expr-lang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.17.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T18:24:11.648Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
        },
        {
          "name": "https://github.com/expr-lang/expr/pull/870",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expr-lang/expr/pull/870"
        }
      ],
      "source": {
        "advisory": "GHSA-cfpf-hrx2-8rv6",
        "discovery": "UNKNOWN"
      },
      "title": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68156",
    "datePublished": "2025-12-16T18:24:11.648Z",
    "dateReserved": "2025-12-15T23:02:17.604Z",
    "dateUpdated": "2025-12-16T19:59:24.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/725920
https://go.dev/issue/76445
https://groups.google.com/g/golang-announce/c/8FJ…
https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58181 (GCVE-0-2025-58181)

Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:14

Title

Unbounded memory consumption in golang.org/x/crypto/ssh

Summary

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1284

Assigner

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/w-o…
https://go.dev/cl/721961
https://go.dev/issue/76363
https://pkg.go.dev/vuln/GO-2025-4134

Impacted products

1 product

Vendor	Product	Version
golang.org/x/crypto	golang.org/x/crypto/ssh	Affected: 0 , < 0.45.0 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:49:06.918113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:49:26.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "parseGSSAPIPayload"
            },
            {
              "name": "NewServerConn"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1284",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:14:59.856Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "url": "https://go.dev/cl/721961"
        },
        {
          "url": "https://go.dev/issue/76363"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4134"
        }
      ],
      "title": "Unbounded memory consumption in golang.org/x/crypto/ssh"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58181",
    "datePublished": "2025-11-19T20:33:42.795Z",
    "dateReserved": "2025-08-27T14:50:58.691Z",
    "dateUpdated": "2025-11-20T17:14:59.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13033 (GCVE-0-2025-13033)

Vulnerability from cvelistv5 – Published: 2025-11-14 19:37 – Updated: 2026-05-11 11:26

Title

Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

redhat

References

7 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:15979	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3751	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-13033	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2402179	issue-trackingx_refsource_REDHAT
https://github.com/nodemailer/nodemailer
https://github.com/nodemailer/nodemailer/commit/1…
https://github.com/nodemailer/nodemailer/security…

Impacted products

4 products

Vendor	Product	Version
nodemailer	nodemailer	Affected: 0 , < 7.0.7 (semver)
Red Hat	Red Hat Ceph Storage 8.1	Unaffected: 1777566546 , < * (rpm) cpe:/a:redhat:ceph_storage:8.1::el9
Red Hat	Red Hat Developer Hub 1.9	Unaffected: 1772573159 , < * (rpm) cpe:/a:redhat:rhdh:1.9::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2

Date Public ?

2025-10-07 13:42

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T20:00:22.140079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T20:00:51.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/nodemailer/nodemailer",
          "defaultStatus": "unaffected",
          "packageName": "nodemailer",
          "product": "nodemailer",
          "vendor": "nodemailer",
          "versions": [
            {
              "lessThan": "7.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhceph/grafana-rhel9",
          "product": "Red Hat Ceph Storage 8.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1777566546",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhdh:1.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhdh/rhdh-hub-rhel9",
          "product": "Red Hat Developer Hub 1.9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1772573159",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-grafana-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-10-07T13:42:02.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T11:26:36.924Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:15979",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "name": "RHSA-2026:3751",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3751"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
        },
        {
          "name": "RHBZ#2402179",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-07T15:03:14.483Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-07T13:42:02.000Z",
          "value": "Made public."
        }
      ],
      "title": "Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently there\u0027s no available mitigation for this flaw."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-13033",
    "datePublished": "2025-11-14T19:37:08.224Z",
    "dateReserved": "2025-11-11T16:15:03.749Z",
    "dateUpdated": "2026-05-11T11:26:36.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64756 (GCVE-0-2025-64756)

Vulnerability from cvelistv5 – Published: 2025-11-17 17:29 – Updated: 2025-11-19 02:30

Title

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Summary

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/isaacs/node-glob/security/advi…	x_refsource_CONFIRM
https://github.com/isaacs/node-glob/commit/1e4e29…	x_refsource_MISC
https://github.com/isaacs/node-glob/commit/47473c…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
isaacs	node-glob	Affected: >= 10.2.0, < 10.5.0 Affected: >= 11.0.0, < 11.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T18:24:55.363466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T16:37:11.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-glob",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.2.0, \u003c 10.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T02:30:44.520Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
        },
        {
          "name": "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f"
        },
        {
          "name": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
        }
      ],
      "source": {
        "advisory": "GHSA-5j98-mcp5-4vw2",
        "discovery": "UNKNOWN"
      },
      "title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64756",
    "datePublished": "2025-11-17T17:29:08.029Z",
    "dateReserved": "2025-11-10T22:29:34.874Z",
    "dateUpdated": "2025-11-19T02:30:44.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47914 (GCVE-0-2025-47914)

Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:15

Title

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

Summary

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-237

Assigner

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/w-o…
https://go.dev/cl/721960
https://go.dev/issue/76364
https://pkg.go.dev/vuln/GO-2025-4135

Impacted products

1 product

Vendor	Product	Version
golang.org/x/crypto	golang.org/x/crypto/ssh/agent	Affected: 0 , < 0.45.0 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:50:27.263405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:50:30.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh/agent",
          "product": "golang.org/x/crypto/ssh/agent",
          "programRoutines": [
            {
              "name": "parseConstraints"
            },
            {
              "name": "ForwardToAgent"
            },
            {
              "name": "ServeAgent"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-237",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:15:00.344Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "url": "https://go.dev/cl/721960"
        },
        {
          "url": "https://go.dev/issue/76364"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4135"
        }
      ],
      "title": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-47914",
    "datePublished": "2025-11-19T20:33:43.126Z",
    "dateReserved": "2025-05-13T23:31:29.597Z",
    "dateUpdated": "2025-11-20T17:15:00.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64718 (GCVE-0-2025-64718)

Vulnerability from cvelistv5 – Published: 2025-11-13 15:32 – Updated: 2026-01-29 22:08

Title

js-yaml has prototype pollution in merge (<<)

Summary

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/nodeca/js-yaml/security/adviso…	x_refsource_CONFIRM
https://github.com/nodeca/js-yaml/issues/730#issu…	x_refsource_MISC
https://github.com/nodeca/js-yaml/commit/383665ff…	x_refsource_MISC
https://github.com/nodeca/js-yaml/commit/5278870a…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
nodeca	js-yaml	Affected: >= 4.0.0, < 4.1.1 Affected: < 3.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64718",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-13T16:18:01.997938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-13T16:18:39.270Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-21T14:38:16.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "js-yaml",
          "vendor": "nodeca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.1.1"
            },
            {
              "status": "affected",
              "version": "\u003c 3.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T22:08:30.431Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
        },
        {
          "name": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"
        }
      ],
      "source": {
        "advisory": "GHSA-mh29-5h37-fv8m",
        "discovery": "UNKNOWN"
      },
      "title": "js-yaml has prototype pollution in merge (\u003c\u003c)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64718",
    "datePublished": "2025-11-13T15:32:44.634Z",
    "dateReserved": "2025-11-10T14:07:42.922Z",
    "dateUpdated": "2026-01-29T22:08:30.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:15979

CVE-2025-68156 (GCVE-0-2025-68156)

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2025-58181 (GCVE-0-2025-58181)

CVE-2025-13033 (GCVE-0-2025-13033)

CVE-2025-64756 (GCVE-0-2025-64756)

CVE-2025-47914 (GCVE-0-2025-47914)

CVE-2025-64718 (GCVE-0-2025-64718)

Tags

Sightings

Nomenclature